PowerDecode-2[.]7[.]1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

PowerDecode-2.7.1.zip
Size

6.3MB
MD5

f55ade5ba78577f8162069ac0ef19d48
SHA1

e8f659d925d73ed7f83298d643b7fb81a4ff522b
SHA256

87c7771a94b8bf1f656034659975200630ba21c84f9b71b373b55392279080b3
SHA512

1d581e1b7285436dec346f68813e4368e579078c6c35c121b111fb0ea1fa08b6d2954b0e4bba33a8558788932d92e8fac2e7c7fc5a7404114a5f1ed21592cba7
SSDEEP

196608:Ns2PgqLLCiMR30ZzHPhPB13MVvQfgwOCY2xqd9Vn:NTYqLLCFV0tHD18Vt6srVn

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://www.geocities.jp/frgrjxq1/f0921.ps1

ps1.dropper

http://212.163.35.67/upload/Kernel32.ps1

ps1.dropper

https://topbrains.it/article/c-bat

ps1.dropper

https://invesco.online/aaa

ps1.dropper

https://www.security-support.tech/alc.gif

exe.dropper

http://inteliil.faith/mese

exe.dropper

https://naiillad.date/ex3.exe

exe.dropper

http://berurn.com/vips

exe.dropper

http://inteliil.faith/documento.exe

exe.dropper

https://inteldowload.date/foglio

exe.dropper

https://futanostra.win/foglio.ful

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PowerDecode-2.7.1/capstone/lib/capstone.dll
unpack001/PowerDecode-2.7.1/capstone/lib/x64/libcapstone.dll
unpack001/PowerDecode-2.7.1/capstone/lib/x86/libcapstone.dll
unpack001/PowerDecode-2.7.1/litedb.5.0.11/lib/net45/LiteDB.dll
unpack001/PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard1.3/LiteDB.dll
unpack001/PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard2.0/LiteDB.dll

Files

PowerDecode-2.7.1.zip
.zip
PowerDecode-2.7.1/GUI.ps1
.ps1
PowerDecode-2.7.1/LICENSE.txt
PowerDecode-2.7.1/Logo.PNG
.png
PowerDecode-2.7.1/MalwareRepository.db
.ps1
PowerDecode-2.7.1/PowerDecode.bat
PowerDecode-2.7.1/README.md
.ps1
PowerDecode-2.7.1/capstone/LICENSE.TXT
PowerDecode-2.7.1/capstone/lib/capstone.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/capstone/lib/x64/libcapstone.dll
.dll windows:4 windows x64 arch:x64

07730dbbe2e10a9d5b07bd96daaa9165

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_stricmp
_unlock
_vsnprintf
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
puts
realloc
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strrchr
tolower
vfprintf

Exports

Exports

A64AT_ATMapper
A64DB_DBarrierMapper
A64DC_DCMapper
A64IC_ICMapper
A64ISB_ISBMapper
A64Imms_isLogicalImmBits
A64PRFM_PRFMMapper
A64PState_PStateMapper
A64TLBI_TLBIMapper
AArch64_MRSMapper
AArch64_MSRMapper
AArch64_enable
AArch64_getInstruction
AArch64_get_insn_id
AArch64_get_insn_id2
AArch64_init
AArch64_insn_name
AArch64_map_insn
AArch64_post_printer
AArch64_printInst
AArch64_reg_name
ARM_enable
ARM_getInstruction
ARM_get_insn_id
ARM_get_insn_id2
ARM_init
ARM_insn_name
ARM_map_insn
ARM_post_printer
ARM_printInst
ARM_reg_name
ARM_rel_branch
MCInst_Init
MCInst_addOperand
MCInst_addOperand2
MCInst_clear
MCInst_getNumOperands
MCInst_getOpcode
MCInst_getOpcodePub
MCInst_getOperand
MCInst_insert
MCInst_setOpcode
MCInst_setOpcodePub
MCOperandInfo_isOptionalDef
MCOperandInfo_isPredicate
MCOperand_CreateFPImm
MCOperand_CreateImm
MCOperand_CreateReg
MCOperand_Init
MCOperand_getFPImm
MCOperand_getImm
MCOperand_getReg
MCOperand_isFPImm
MCOperand_isImm
MCOperand_isReg
MCOperand_isValid
MCOperand_setFPImm
MCOperand_setImm
MCOperand_setReg
MCRegisterClass_contains
MCRegisterInfo_InitMCRegisterInfo
MCRegisterInfo_getMatchingSuperReg
MCRegisterInfo_getRegClass
MCRegisterInfo_getSubReg
Mips64_getInstruction
Mips_enable
Mips_getInstruction
Mips_get_insn_id
Mips_get_insn_id2
Mips_init
Mips_insn_name
Mips_map_insn
Mips_map_register
Mips_printInst
Mips_reg_name
NamedImmMapper_fromString
NamedImmMapper_toString
NamedImmMapper_validImm
PPC_enable
PPC_getInstruction
PPC_get_insn_id
PPC_get_insn_id2
PPC_init
PPC_insn_name
PPC_map_insn
PPC_map_register
PPC_post_printer
PPC_printInst
PPC_reg_name
SStream_Init
SStream_concat
SysRegMapper_toString
Thumb_getInstruction
X86_ATT_printInst
X86_Intel_printInst
X86_enable
X86_getInstruction
X86_get_insn_id
X86_get_insn_id2
X86_insn_check_combine
X86_insn_combine
X86_insn_name
X86_map_insn
X86_post_printer
X86_reg_name
all_arch
arch_destroy
arch_init
arch_option
count_positive
cs_close
cs_disasm_ex
cs_errno
cs_free
cs_insn_group
cs_insn_name
cs_mem_calloc
cs_mem_free
cs_mem_malloc
cs_mem_realloc
cs_op_count
cs_op_index
cs_open
cs_option
cs_reg_name
cs_reg_read
cs_reg_write
cs_strdup
cs_strerror
cs_support
cs_version
cs_vsnprintf
decodeInstruction
enable_arm64
enable_mips
enable_powerpc
enable_x86
insn_find
insn_reverse_id
name2id
str_in_list
x86_map_regname
x86_map_segment
x86_map_sib_base
x86_map_sib_index

Sections

.text
Size: 447KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1010KB - Virtual size: 1010KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 701B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/capstone/lib/x86/libcapstone.dll
.dll windows:4 windows x86 arch:x86

42bb568aa0e1583ac1fd29ba06977218

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_stricmp
_unlock
_vsnprintf
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
puts
realloc
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strrchr
tolower
vfprintf

Exports

Exports

A64AT_ATMapper
A64DB_DBarrierMapper
A64DC_DCMapper
A64IC_ICMapper
A64ISB_ISBMapper
A64Imms_isLogicalImmBits
A64PRFM_PRFMMapper
A64PState_PStateMapper
A64TLBI_TLBIMapper
AArch64_MRSMapper
AArch64_MSRMapper
AArch64_enable
AArch64_getInstruction
AArch64_get_insn_id
AArch64_get_insn_id2
AArch64_init
AArch64_insn_name
AArch64_map_insn
AArch64_post_printer
AArch64_printInst
AArch64_reg_name
ARM_enable
ARM_getInstruction
ARM_get_insn_id
ARM_get_insn_id2
ARM_init
ARM_insn_name
ARM_map_insn
ARM_post_printer
ARM_printInst
ARM_reg_name
ARM_rel_branch
MCInst_Init
MCInst_addOperand
MCInst_addOperand2
MCInst_clear
MCInst_getNumOperands
MCInst_getOpcode
MCInst_getOpcodePub
MCInst_getOperand
MCInst_insert
MCInst_setOpcode
MCInst_setOpcodePub
MCOperandInfo_isOptionalDef
MCOperandInfo_isPredicate
MCOperand_CreateFPImm
MCOperand_CreateImm
MCOperand_CreateReg
MCOperand_Init
MCOperand_getFPImm
MCOperand_getImm
MCOperand_getReg
MCOperand_isFPImm
MCOperand_isImm
MCOperand_isReg
MCOperand_isValid
MCOperand_setFPImm
MCOperand_setImm
MCOperand_setReg
MCRegisterClass_contains
MCRegisterInfo_InitMCRegisterInfo
MCRegisterInfo_getMatchingSuperReg
MCRegisterInfo_getRegClass
MCRegisterInfo_getSubReg
Mips64_getInstruction
Mips_enable
Mips_getInstruction
Mips_get_insn_id
Mips_get_insn_id2
Mips_init
Mips_insn_name
Mips_map_insn
Mips_map_register
Mips_printInst
Mips_reg_name
NamedImmMapper_fromString
NamedImmMapper_toString
NamedImmMapper_validImm
PPC_enable
PPC_getInstruction
PPC_get_insn_id
PPC_get_insn_id2
PPC_init
PPC_insn_name
PPC_map_insn
PPC_map_register
PPC_post_printer
PPC_printInst
PPC_reg_name
SStream_Init
SStream_concat
SysRegMapper_toString
Thumb_getInstruction
X86_ATT_printInst
X86_Intel_printInst
X86_enable
X86_getInstruction
X86_get_insn_id
X86_get_insn_id2
X86_insn_check_combine
X86_insn_combine
X86_insn_name
X86_map_insn
X86_post_printer
X86_reg_name
all_arch
arch_destroy
arch_init
arch_option
count_positive
cs_close
cs_disasm_ex
cs_errno
cs_free
cs_insn_group
cs_insn_name
cs_mem_calloc
cs_mem_free
cs_mem_malloc
cs_mem_realloc
cs_op_count
cs_op_index
cs_open
cs_option
cs_reg_name
cs_reg_read
cs_reg_write
cs_strdup
cs_strerror
cs_support
cs_version
cs_vsnprintf
decodeInstruction
enable_arm64
enable_mips
enable_powerpc
enable_x86
insn_find
insn_reverse_id
name2id
str_in_list
x86_map_regname
x86_map_segment
x86_map_sib_base
x86_map_sib_index

Sections

.text
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 785KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 747B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/litedb.5.0.11/AppVeyorSettings.json
PowerDecode-2.7.1/litedb.5.0.11/LICENSE
PowerDecode-2.7.1/litedb.5.0.11/LiteDB.nuspec
PowerDecode-2.7.1/litedb.5.0.11/[Content_Types].xml
.xml
PowerDecode-2.7.1/litedb.5.0.11/icon_64x64.png
.png
PowerDecode-2.7.1/litedb.5.0.11/lib/net45/LiteDB.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\litedb\LiteDB\obj\Release\net45\LiteDB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 474KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/litedb.5.0.11/lib/net45/LiteDB.xml
.xml
PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard1.3/LiteDB.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\litedb\LiteDB\obj\Release\netstandard1.3\LiteDB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard1.3/LiteDB.xml
.xml
PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard2.0/LiteDB.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\projects\litedb\LiteDB\obj\Release\netstandard2.0\LiteDB.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerDecode-2.7.1/litedb.5.0.11/lib/netstandard2.0/LiteDB.xml
.xml
PowerDecode-2.7.1/litedb.5.0.11/package/services/metadata/core-properties/6a0f3d650806420ba628286b066dc49e.psmdcp
.xml
PowerDecode-2.7.1/package/Assembly.format.ps1xml
PowerDecode-2.7.1/package/DatabaseFunctions.ps1
.ps1
PowerDecode-2.7.1/package/DecodeBase64Functions.ps1
.ps1
PowerDecode-2.7.1/package/DeobfuscationByOverridingFunctions.ps1
.ps1
PowerDecode-2.7.1/package/DeobfuscationByRegexFunctions.ps1
.ps1
PowerDecode-2.7.1/package/GetUDVariables.txt
PowerDecode-2.7.1/package/GraphicsFunctions.ps1
PowerDecode-2.7.1/package/InputOutputFunctions.ps1
.ps1
PowerDecode-2.7.1/package/LoggingFunctions.ps1
.ps1
PowerDecode-2.7.1/package/Main.ps1
.ps1
PowerDecode-2.7.1/package/ObfuscationAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/PowerDecode.psd1
PowerDecode-2.7.1/package/ShellcodeAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/StaticAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/SyntaxAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/UrlsAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/VariablesAnalysisFunctions.ps1
.ps1
PowerDecode-2.7.1/package/VirusTotalAPIFunctions.ps1
.ps1
PowerDecode-2.7.1/package/knowledge/Bytes.txt
PowerDecode-2.7.1/package/knowledge/NetWebClient.txt
PowerDecode-2.7.1/package/knowledge/Regsvr32.txt
PowerDecode-2.7.1/package/knowledge/RunDLL32.txt
PowerDecode-2.7.1/package/logs/dummy.txt
PowerDecode-2.7.1/package/overrides/Add-Type.txt
.ps1
PowerDecode-2.7.1/package/overrides/Invoke-Expression.txt
.ps1
PowerDecode-2.7.1/package/overrides/New-Item.txt
.ps1
PowerDecode-2.7.1/package/overrides/New-Object.txt
.ps1
PowerDecode-2.7.1/package/overrides/Other.txt
.ps1
PowerDecode-2.7.1/package/symbols/doublequotes.txt
PowerDecode-2.7.1/package/symbols/tick.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 87KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 512B - Virtual size: 12B

07730dbbe2e10a9d5b07bd96daaa9165

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 447KB - Virtual size: 446KB

.data Size: 1010KB - Virtual size: 1010KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.pdata Size: 5KB - Virtual size: 5KB

.xdata Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 72B

.reloc Size: 17KB - Virtual size: 16KB

/4 Size: 1024B - Virtual size: 672B

/19 Size: 30KB - Virtual size: 30KB

/31 Size: 4KB - Virtual size: 4KB

/45 Size: 5KB - Virtual size: 4KB

/57 Size: 2KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 701B

/81 Size: 15KB - Virtual size: 15KB

/92 Size: 1024B - Virtual size: 1008B

42bb568aa0e1583ac1fd29ba06977218

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 514KB - Virtual size: 514KB

.data Size: 785KB - Virtual size: 784KB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.bss Size: - Virtual size: 1KB

.edata Size: 4KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 36KB - Virtual size: 36KB

/4 Size: 512B - Virtual size: 416B

/19 Size: 24KB - Virtual size: 23KB

/31 Size: 4KB - Virtual size: 4KB

/45 Size: 4KB - Virtual size: 4KB

/57 Size: 2KB - Virtual size: 1KB

/70 Size: 1024B - Virtual size: 747B

/81 Size: 5KB - Virtual size: 4KB

/92 Size: 512B - Virtual size: 472B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 474KB - Virtual size: 473KB

.rsrc Size: 1024B - Virtual size: 988B

.text
Size: 87KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 447KB - Virtual size: 446KB

.data
Size: 1010KB - Virtual size: 1010KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.pdata
Size: 5KB - Virtual size: 5KB

.xdata
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 72B

.reloc
Size: 17KB - Virtual size: 16KB

/4
Size: 1024B - Virtual size: 672B

/19
Size: 30KB - Virtual size: 30KB

/31
Size: 4KB - Virtual size: 4KB

/45
Size: 5KB - Virtual size: 4KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 701B

/81
Size: 15KB - Virtual size: 15KB

/92
Size: 1024B - Virtual size: 1008B

.text
Size: 514KB - Virtual size: 514KB

.data
Size: 785KB - Virtual size: 784KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.bss
Size: - Virtual size: 1KB

.edata
Size: 4KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 36KB - Virtual size: 36KB

/4
Size: 512B - Virtual size: 416B

/19
Size: 24KB - Virtual size: 23KB

/31
Size: 4KB - Virtual size: 4KB

/45
Size: 4KB - Virtual size: 4KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 1024B - Virtual size: 747B

/81
Size: 5KB - Virtual size: 4KB

/92
Size: 512B - Virtual size: 472B

.text
Size: 474KB - Virtual size: 473KB

.rsrc
Size: 1024B - Virtual size: 988B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 473KB - Virtual size: 473KB

.rsrc
Size: 1024B - Virtual size: 988B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 473KB - Virtual size: 473KB

.rsrc
Size: 1024B - Virtual size: 988B

.reloc
Size: 512B - Virtual size: 12B